Commit Graph

1493 Commits

Author SHA1 Message Date
C4ssandre 46f59a76f0 Removing the PowerShell payload serving method and replacing it with just writing and executing in the remote SYSTEM process. 2020-12-07 21:37:35 -05:00
C4ssandre b935842cc5 Updating an outdated comment. 2020-12-07 21:37:24 -05:00
C4ssandre d05bffdab3 Adding more detailed debug messages. 2020-12-07 21:36:34 -05:00
C4ssandre c7f832526d Fixing un-freed allocated memory space. 2020-11-30 14:54:19 +00:00
C4ssandre 381d371e8e Adding a check after memory allocation for the localNegotiator object. 2020-11-30 14:47:20 +00:00
C4ssandre 08a744c1a6 Fixing a bad return code (ERROR_HEAP_ALLOC_FAILURE -> ERROR_NOT_ENOUGH_PRIVILEGES). 2020-11-30 14:44:20 +00:00
C4ssandre 0ce9d585cb Adding a line of dprintf for debugging. 2020-11-30 14:42:22 +00:00
C4ssandre 9d298c4059 Changing a code line to improve readability. 2020-11-30 14:39:10 +00:00
Spencer McIntyre 0ccb50ac02 Adjust how HostingCLR arguments are packed 2020-11-09 12:24:55 -05:00
b4rtik ddd9af83b9 Update 2020-10-29 22:49:41 +01:00
C4ssandre 49dbff8c27 Correction of a slightly wrong error code in the return value. 2020-10-28 16:05:51 +00:00
C4ssandre 53d358dd33 Update of a comment. 2020-10-28 16:00:28 +00:00
C4ssandre f9b0aecc8f Changing the debug system. Now dprintf prints readable and filterable output logs. The debug boolean defined in the entry point was removed. 2020-10-28 15:52:18 +00:00
C4ssandre 6fddb3be6a Updates of Visual Studio files. 2020-10-25 21:52:46 +00:00
C4ssandre 7ec20cfb0e Integration of the PowerShell module into the exploit. Now Metasploit is in charge of creating the PowerShell payload and transmitting it to the running exploit (instead of raw shellcode transformed into PowerShell, as previously). 2020-10-25 19:50:45 +00:00
C4ssandre d93c2d03fb Fixing a bug preventing very large PowerShell payloads from being served. 2020-10-25 19:00:39 +00:00
C4ssandre 64cbd7de49 Fixing typos in comments. 2020-10-25 18:57:56 +00:00
C4ssandre 868f406c2d Improvement by setting all buffers explicitly to 0 at initialization. 2020-10-25 18:52:12 +00:00
C4ssandre 567367c0ac Fixing a bug caused by base64 functions writing a long in an area expecting a short. 2020-10-25 18:41:11 +00:00
C4ssandre 8d9a0c1926 Removing extra ";" 2020-10-25 18:30:13 +00:00
b4rtik 9779bbef77 Fix parameter management
Fix a problem running assemblies with a Main signature of (string[] args) and no passed parameters
2020-10-23 21:14:10 +02:00
Tim W 12c5f4f916 CVE-2019-1458 chrome sandbox escape initial commit 2020-10-15 10:57:46 -05:00
bwatters e24a81919a Land #13996, Add module for CVE-2020-9801, CVE-2020-9850 and CVE-2020-9856,
RCE for Safari on macOS 10.15.3 (pwn2own2020)

Merge branch 'land-13996' into upstream-master
2020-10-01 09:46:39 -05:00
C4ssandre 37dffaf703 Removing old ReflectiveLoader source files and linking to metasploit-framework embedded ones. 2020-09-29 00:19:09 +00:00
C4ssandre 03b7c00fce Replacing a malloc with a calloc for more reliability. 2020-09-29 00:07:37 +00:00
C4ssandre cbb07ec208 Replacing the old "homemade" base64 encoding and decoding functions with wincrypt.h functions (CryptBinaryToStringA and CryptStringToBinaryA). Adding some small adjustments to the calling functions of the elevator server. 2020-09-29 00:05:49 +00:00
C4ssandre de5390a4a7 Fixing typo. Not important. 2020-09-28 23:41:45 +00:00
C4ssandre 695e541682 Fixing the unused result of the DuplicateTokenEx() function. Now the returned error code is used for monitoring the calling function's process. 2020-09-28 23:41:19 +00:00
C4ssandre d4c1f65e99 Fixing typo in the description comments of the function IsTokenSystem(). 2020-09-28 23:25:08 +00:00
C4ssandre e533626aa0 Fixing the non-use of error codes in the function IsTokenSystem(). Now error codes are checked, and if the token does not belong to SYSTEM, RunRogueWinRM returns the proper error code. 2020-09-28 23:23:49 +00:00
C4ssandre a2ef556cd8 Fixing redundant ZeroMemory instruction. 2020-09-28 23:17:06 +00:00
C4ssandre 234ddd2c1c Fixing typo in the HEAP_ALLOC_FAILURE constant name. 2020-09-28 23:13:47 +00:00
C4ssandre 494e3d113e Adding new and more granular error codes. 2020-09-28 23:10:46 +00:00
Shelby Pace f0f4da2b1e Land #14157, Windows update orchestrator privesc 2020-09-25 16:07:27 -05:00
bwatters 7e68c42876 Rubocop, fix check method, clean up c code 2020-09-22 07:45:02 -05:00
bwatters 534e945cd0 First attempt at CVE-2020-1313 2020-09-18 15:39:12 -05:00
bwatters a2edcda819 Rubocop on module and update error handling on exploit C code + recompile 2020-09-16 11:17:39 -05:00
bwatters fe59099678 Clean up C code, add support for x86 targets 2020-09-16 11:17:39 -05:00
bwatters a72769909b Change exe to take destination and source files for copy 2020-09-16 11:17:39 -05:00
bwatters 17272209cc First try at CVE-2020-1048, needs lots of work 2020-09-16 11:17:38 -05:00
bwatters e592736833 Land #13992, Add module for CVE-2020-9839, LPE for macOS <= 10.15.4
Merge branch 'land-13992' into upstream-master
2020-09-04 15:53:17 -05:00
Tim W 301754c648 remove CMakeLists.txt 2020-09-01 17:14:21 +08:00
C4ssandre 1b68a41c9a Formatting code by removing whitespace. 2020-08-28 17:34:49 +02:00
C4ssandre 995d6a7fc9 Changing all printf and wprintf to the dprintf macro, defined in pch.h 2020-08-28 15:27:23 +02:00
Tim W b0864e17cc fix WebKit build 2020-08-27 20:06:02 +08:00
Tim W 33fa4d1424 dynamic offsets 2020-08-27 19:36:45 +08:00
Tim W 52fb91f2ba move loader offsets to offset table 2020-08-27 19:36:45 +08:00
Tim W a94389fb76 cleanup cvm_side 2020-08-27 19:36:45 +08:00
Tim W 6bd8fb14d0 fix offsets for 10.15.3 and 10.15.4 2020-08-27 19:36:45 +08:00
Tim W c7d0a1b2a8 add offsets for 10.15.4 2020-08-27 19:36:45 +08:00